SOtechnology Customer Testimonial.
SOtechnology is a UK-based web development agency that designs, builds, and maintains digital platforms for a range of clients across sectors. As their client roster has grown, so too has the complexity of managing the open source components that underpin the software they deliver – each project carrying its own dependencies, versions, and licence obligations. Staying on top of that at portfolio scale, without burdening either their engineering team or their clients, had become an increasingly pressing challenge.
The Problem
For a web development agency like SOtechnology, open source is the foundation of almost everything they build. Frameworks, libraries, utilities – third-party components accelerate delivery and reduce cost. But with multiple client projects running simultaneously, each with its own dependency tree, getting a clear and consistent picture of version health, licence exposure, and security posture had become difficult to manage.
Claire Mirfin, Managing Director of SOtechnology, recognised that ad-hoc audits and developer-led reviews simply weren’t scaling. Without a systematic approach, licence obligations could go untracked, outdated packages could accumulate unnoticed, and – increasingly – clients were beginning to ask harder questions about the software supply chain underpinning their platforms.
“We knew open source was central to how we deliver for clients, but we didn’t have a consistent, automated way to show them what was actually inside their platforms. Licence types, version drift, unmaintained packages – these were risks we were carrying across our portfolio without a clear view of the full picture. We needed something that would surface all of that automatically.”
— Claire Mirfin, Managing Director, SOtechnology
The Solution
After an initial conversation with The Code Registry team, it was clear that the platform’s OSS scanning capability – powered by SCANOSS, a leading open source intelligence engine – offered exactly the kind of systematic, automated solution Claire was looking for. Onboarding was frictionless: SOtechnology connected their client projects to The Code Registry’s secure code vault infrastructure, and the platform immediately began scanning codebases to identify open source components, match them against known libraries, and surface version and licence information in a clear, structured dashboard.
Crucially, the output wasn’t just readable by developers – it was something Claire could present directly to clients and business stakeholders without translation.
“The setup was genuinely quick, and the value was immediate. What I liked was that it didn’t ask us to change how we work – it just gave us visibility into what we were already doing, across all of our client projects in one place. For an agency managing multiple codebases simultaneously, that consolidation alone is a significant win.”
— Claire Mirfin, Managing Director, SOtechnology
For one client, Keiko Logistics, the scan identified over 90 open source components across their projects – automatically classifying each by licence type (including MIT, Apache-2.0, ISC, and several GPL variants) and flagging current versus latest versions. Of those 90+ components, 52 were already confirmed as up to date, giving both SOtechnology and Keiko Logistics a clear baseline from which to plan structured upgrade cycles for the remainder.
The Results
Since implementing The Code Registry, SOtechnology now has continuous, automated OSS governance across their client portfolio – with no manual overhead. The platform has replaced one-off audits with an always-on view of dependency health, licence obligations, and version alignment, giving Claire and her team the data they need to manage risk proactively and have informed conversations with clients about their platforms.
“What’s changed is that we now have a governance posture rather than a reactive process. We can see exactly what’s being used across client projects, where there’s version drift, and where licence types might create obligations down the line. That’s the kind of intelligence that used to require a dedicated audit – now it’s just always there. And it’s something we can take directly to clients as part of the value we deliver.”
— Claire Mirfin, Managing Director, SOtechnology
The ability to quantify the third-party footprint across client codebases has also opened up new conversations with clients around roadmap planning and technical investment – turning open source visibility from a governance obligation into a genuine business intelligence asset.
When asked whether she would recommend The Code Registry to other agency leaders, Claire’s response was direct:
“Absolutely. Any development agency managing multiple client codebases needs this kind of visibility – not just for their own governance, but to demonstrate to clients that what’s being built on their behalf meets the standards they should expect. The Code Registry makes that easy.”
— Claire Mirfin, Managing Director, SOtechnology
Want to Learn More?
